Hi everyone,
I'm running into an issue when requesting permissions on a Unity Catalog table. Specifically, when trying to request SELECT and MODIFY privileges on a specific table, using Request for Access in Unity Catalog.
I get the following error:
the following permissions are not assignable WrappedArray(MODIFY), valid permissions are: Vector(ALL_PRIVILEGES, SELECT, APPLY_TAG, MANAGE)
From what I understand, Unity Catalog doesn't recognise MODIFY as a valid grantable permission on this object type. Instead, it seems only the following are allowed:
ALL PRIVILEGES
SELECT
APPLY_TAG
MANAGE
Question:
Is MODIFY intentionally not supported for tables in Unity Catalog?
If I need to insert/update/delete records, should I be requesting a different permission (e.g., ALL PRIVILEGES or something more granular)?
Has anyone else run into this when requesting permissions via the UI, and how did you handle it?
Any insights would be greatly appreciated!
Thanks in advance.
Hi @boitumelodikoko ,
Weird, it looks like a bug. MODIFY is a valid permission for table object. You can check it yourself in docs:
Unity Catalog privileges and securable objects | Databricks on AWS
Modify allows user to add, update, and delete data to or from the table if the user also has SELECT on the table as well as USE CATALOG on its parent catalog and USE SCHEMA on its parent schema. Since privileges are inherited, you can grant a user the MODIFY privilege on a catalog or schema, which automatically grants the user the MODIFY privilege on all current and future tables in the catalog or schema.
So, unless your table is foreign table it should work. In my opinion you can raise a bug on databricks support. As a workaround for now, you can request ALL PRIVELAGES permission.
